A Brittish security company has proven that connected cars are not safe from the security risks the Internet of Things (IoT) holds. Pen Test Partners was successfully able to hack into the Mitsubishi Outlander plug-in hybrid and cause a little mischief. They claim they were able to gain access to the HVAC controls, the headlights, maintenance alerts, and were even able to disarm the alarm.
The security company states that what peaked their interest was the way the Mitsubishi app designed for the car communicated with it. Rather than using a cellular network to communicate with the car the app utilizes Wifi connectivity. While there are security benefits to using Wifi over cellular networks (Wifi has a limited range at which it can work), Mitsubishi’s 10-character Wifi password was a fairly weak defense.
This is definitely a demonstration that car manufacturers need to pay close attention to implementing security measures as cars become more connected with the development and advancements in technology. However, it is important to note that the security breach is not as bad as it could have been. Pen Test Partners were unable to gain access to the CANBUS system which would have given them access to the electronic steering and electronic throttle. While able to disarm the alarm, the security company was unable to remotely unlock it. Additionally, it took them an entire four days to crack the SUV’s password.
Pen Test Partners has confirmed that they’ve alerted Mitsubishi of the security weakness and they are working to remedy the issue. Until the problem is solved, the security company is recommending that owners of the Mitsubishi Outlander plug-in hybrid disable the cars Wifi capabilities. Hopefully, Mitsubishi manages to find a solution before the car makes its debut in the US this fall.
Featured Image Via Mitsubishi Motors